Startup Authentication

Beginning with version 5.1, you can choose to enable passphrase-based startup authentication to provide further protection for the master key for all nodes in the same cluster. With passphrase-based startup authentication, the KeyControl node will enter Recovery Mode every time it is rebooted. You will need to enter the passphrase in the KeyControl webGUI. See the Recovery using Passphrase section in Recovering Access to KeyControl

Startup Authentication allows KeyControl to be used in tactical kits in hostile environments. Onsite staff can simply power off the KeyControl nodes, which make them unusable until a passphrase or admin key is provided.

Note: If Startup Authentication is enabled, you cannot add a new KeyControl node. You must disable Startup Authentication first, add the new node, and then re-enable Startup Authentication.